Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
AI helps humans speed app modernization, improve security
Enterprises are looking at AI-driven approaches to help human teams modernize and accelerate application development to refactor or build new apps and beef up cybersecurity.
The ultimate guide to cybersecurity planning for businesses
This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks.
The complete guide to ransomware
Organizations in every industry can be targets of cybercrime for profit. Get expert advice on ransomware prevention, detection and recovery in our comprehensive guide.
How API gateways improve API security
API gateways keep APIs secure by providing rate limiting, DDoS protection and more. Learn more about these benefits, along with API gateway security best practices.
Top 10 threat modeling tools, plus features to look for
Automated threat modeling tools make identifying threats simpler, but the tools themselves can be fairly complex. Understanding where risks exist is only one part of the process.
How AI benefits network detection and response
Interest in security tools with AI is growing as security leaders uncover AI's potential. One area that could especially benefit from AI is network detection and response.
Blockchain security: Everything you should know for safe use
Despite its reputation, blockchain is subject to many of the same vulnerabilities as other software. It helps to have a clear idea of its inherent strengths and weaknesses.
App development trends and their security implications
Enterprise Strategy Group analysts look at how organizations are modernizing software development processes and how security teams can support the growth and scale.
Cyber-risk quantification benefits and best practices
It's not enough to know cybersecurity threats exist. More importantly, companies must understand cyber-risks in ways stakeholders can measure and discuss.
New AWS security tools, updates help IT protect cloud apps
AWS released a slew of updates to improve security as IT pros develop and deploy more enterprise applications via public cloud services.
Risk assessment vs. threat modeling: What's the difference?
Risk assessments and threat modeling each address potential risks. But they play distinct roles in how they help companies protect systems and data.
Cisco releases new security offerings at Cisco Live 2023
At Cisco Live 2023, Cisco highlighted its plans to emphasize security, rolling out a host of new initiatives from secure access to AI-aided security to cloud-native app security.
Benefits of risk-based vulnerability management over legacy VM
Risk-based vulnerability management not only offers a proactive way to identify vulnerable assets, but it also helps prevent alert fatigue and improve patch prioritization.
Top blockchain attacks, hacks and security issues explained
Blockchain is an attractive target for malicious actors. From blockchain-specific attacks to human vulnerabilities to lack of regulations, these are the top blockchain issues.
6 blockchain use cases for cybersecurity
Is blockchain secure by design, or should blockchains be designed for security? Learn more through these six security and privacy use cases for blockchain.
Low-code/no-code use cases for security
Low-code/no-code development approaches have their fair share of security issues, but that doesn't mean they can't be used to benefit the security industry, too.
Top breach and attack simulation use cases
While pen tests offer a point-in-time report on an organization's security defenses, breach and attack simulations offer regular or even constant status checks.
The potential danger of the new Google .zip top-level domain
How much should the average end user be concerned about the new .zip and .mov TLDs? They aren't as bad as some make them out to be, but it's still worth doing something about them.
Closing the book on RSA Conference 2023
AI, cloud security, SOC modernization and security hygiene and posture management were all hot topics at RSAC in San Francisco this year.
5 SBOM tools to start securing the software supply chain
Organizations can use these SBOM tools to help secure their software supply chain by understanding the components of their deployed software and applications.
2023 RSA Conference insights: Generative AI and more
Generative AI was the talk of RSA Conference 2023, along with zero trust, identity security and more. Enterprise Strategy Group analyst Jack Poller offers his takeaways.
It's time to harden AI and ML for cybersecurity
An RSA Conference panel said that now is the time to become proactive against AI and ML adversarial attacks -- before they become more sophisticated.
How Target built its DevSecOps culture using psychology
Building a healthy DevSecOps culture isn't easy. Learn how Target used organizational psychology to get development and application security teams on the same page.
Generative AI in SecOps and how to prepare
Generative AI assistants could be game changers in the SOC -- but not if SecOps teams haven't prepared for them. Here's how to get ready.
Standardized data collection methods can help fight cybercrime
Implementing standards similar to NERC CIP for the entire cybersecurity industry could make it easier for law enforcement to investigate and prosecute cyber attackers.
Top 14 ransomware targets in 2023 and beyond
Two in three organizations suffered ransomware attacks in a single 12-month period, according to recent research. And, while some industries are taking particularly hard hits, no one is safe.
Pen testing amid the rise of AI-powered threat actors
The importance of pen testing continues to increase in the era of AI-powered attacks, along with red teaming, risk prioritization and well-defined goals for security teams.
10 hot topics to look for at RSA Conference 2023
RSA Conference 2023 promises another exciting year of cybersecurity discussions and hyperbole. Enterprise Strategy Group's Jon Oltsik shares what he hopes to see at the show.
5 ChatGPT security risks in the enterprise
Whether in the hands of cybercriminals or oblivious end users, ChatGPT introduces new security risks.
Top RSA Conference 2023 trends and topics
Enterprise Strategy Group's Jack Poller outlines his picks for getting the most out of the 2023 RSA Conference, from keynotes to startups, AI, innovation and more.
Compare breach and attack simulation vs. penetration testing
A deep dive into breach and attack simulation vs. penetration testing shows both tools prevent perimeter and data breaches. Find out how they complement each other.
8 cloud detection and response use cases
Unsure whether cloud detection and response could be useful for your organization? These eight use cases could make CDR indispensable.
6 principles for building engaged security governance
Security governance isn't enough. Enter engaged security governance -- an ongoing process that aligns business strategy with security across an organization.
Is cybersecurity recession-proof?
No field is totally immune to economic downturns, but flexible, practical and prepared cybersecurity professionals should be able to weather any upcoming storms.
Research examines security operations proficiency issues
Instead of looking at where security operations teams excel, Enterprise Strategy Group asked security pros where teams are least proficient. Learn where and how to fix it.
Accurately assessing the success of zero-trust initiatives
Zero-trust preparation can be difficult. Measuring how well the model provides security and business benefits after implementation is even more difficult.
Top benefits of SOAR tools, plus potential pitfalls to consider
To ensure successful adoption, IT leaders need to understand the benefits of SOAR tools, as well as potential disadvantages. Explore pros, cons and how to measure SOAR success.
Top 6 SOAR use cases to implement in enterprise SOCs
Automating basic SOC workflows with SOAR can improve an organization's security posture. Explore six SOAR use cases to streamline SOC processes and augment human analysts.
Top incident response service providers, vendors and software
Get help deciding between using in-house incident response software or outsourcing to an incident response service provider, and review a list of leading vendor options.
Web3 blockchain enables users to take control of identity
A centralized identity model creates security and privacy risks. Decentralized identity through Web3 could mitigate these risks, but companies must adapt to keep pace.
Inside the PEIR purple teaming model
Want to try purple team exercises but aren't sure how to do so? Try the 'Prepare, Execute, Identify and Remediate' purple teaming model.
Understanding purple teaming benefits and challenges
Blue teams and red teams are coming together to form purple teams to improve their organization's security posture. What does this mean for the rivals? And how does it work?
Web 3.0 security risks: What you need to know
Elements of the third version of the web are coming to fruition. But Web 3.0 also comes with new cybersecurity, financial and privacy threats besides the familiar risks of Web 2.0.
Top takeaways from first CloudNativeSecurityCon
TechTarget's Enterprise Strategy Group offers the main takeaways from the first vendor-neutral, practitioner-driven conference for security.
How to become an incident responder: Requirements and more
Incident response is a growth field that provides career growth options and a good salary. Here's an in-depth look at job requirements, salaries and available certifications.
DevSecOps needs to improve to grow adoption rates, maturity
Organizations are adding security processes and oversight to DevOps, but there's still work ahead to truly marry cybersecurity with DevOps and create a functioning DevSecOps.
6 data security predictions for 2023
New tools are proliferating to secure data wherever it lives. Six data security trends -- ranging from AI washing to new data security platforms -- are in the forefront for 2023.
4 identity predictions for 2023
Identity's place in the attack chain is driving the shift of identity responsibility from IT operations to security to look into passwordless, digital IDs, platforms and more.
Understanding the importance of data encryption
Encryption is a foundational element of cybersecurity. Organizations should implement encryption to counter the ever-growing threat of data breaches.
What cybersecurity consolidation means for enterprises
Experts predict cybersecurity consolidation will increase in the months and years ahead. Security leaders should consider what that means for their purchasing strategies.
5 ethical hacker certifications to consider
From Offensive Security Certified Professional to GIAC Web Application Penetration Tester, learn about the certifications worth earning to begin your ethical hacker career.
How cyber deception technology strengthens enterprise security
They say the best defense is a good offense. Cyber deception puts that philosophy into practice in the enterprise, using a combination of technology and social engineering.
5 ways to enable secure software development in 2023
Security teams have to help developers ensure secure software development, but in today's rapidly scaling cloud environments, it's a challenging task.
8 cybersecurity roles to consider
Cybersecurity is an exciting and increasingly important field with a wealth of career opportunities. Explore eight cybersecurity roles and the skills, talent and experience required.
4 tips to find cyber insurance coverage in 2023
The cyber insurance industry is settling down but isn't without challenges. Read up on cyber insurance in 2023 and how to get the most from your organization's coverage this year.
How to select a security analytics platform, plus vendor options
Security analytics platforms aren't traditional SIEM systems, but rather separate platforms or a SIEM add-on. Learn more about these powerful and important tools.
6 cybersecurity buzzwords to know in 2023
Enterprise Strategy Group research indicates many organizations will increase cybersecurity spending in 2023, and with that comes an evolving set of vendor buzzwords to sort out.
Top 10 ICS cybersecurity threats and challenges
Industrial control systems are subject to both unique and common cybersecurity threats and challenges. Learn about the top ones here and how to mitigate them.
State of data privacy laws in 2023
Concern about how personal data is processed and stored is leading to the passage of new regulations that govern how companies handle consumer data.
What is risk management and why is it important?
Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.
3 enterprise network security predictions for 2023
It's shaping up to be another banner year for network security. 2023 may see decryption-less threat detection, connected home-caused enterprise breaches and new SASE drivers.
Understanding current XDR elements and options
What do existing extended detection and response products provide? Learn about EDR+, SIEM+ and Comprehensive options, which all provide varying levels of XDR.
10 cybersecurity certifications to boost your career in 2023
A consensus of industry professionals ranks these 10 security certifications as the most coveted by employers and security pros -- plus links to 10 vendor security certifications.
11 cybersecurity predictions for 2023
Analysts and experts have looked into their crystal balls and made their cybersecurity predictions for 2023. Is your organization prepared if these predictions come true?
Low-code/no-code security risks climb as tools gain traction
Organizations are looking for ways to reduce their application development costs, but automated coding can usher in some unpleasant surprises if you're unprepared.
After the CISO role: Navigating what comes next
Former chief information security officers may have numerous career options available but no clear path forward. Here's how to navigate life after the CISO role.
Understanding malware analysis and its challenges
Discover what to expect in a malware analyst career, from the types of malware you'll encounter to important tools to use to difficulties that arise for those new to the field.
Why is malware analysis important?
Malware continues to plague all organizations, causing data loss and reputational damage. Discover how malware analysis helps protect companies from such attacks.
How to implement least privilege access in the cloud
More organizations are moving their resources to the cloud but are not paying attention to how cloud access privileges are allocated. Learn how to limit access in the cloud.
XDR definitions don't matter, outcomes do
Despite remaining confusion about what XDR is, security teams need to improve threat detection and response. ESG research revealed plans for increased XDR spending in 2023.
Top 5 vulnerability scanning tools for security teams
Use these five vulnerability scanning tools to find weaknesses and potential exploits in web applications, IT and cloud infrastructure, IoT devices and more.
Do companies need cyber insurance?
As cyber insurance costs rise, companies must determine whether they truly need cyber insurance to tackle their increased risk of cyber attacks.
Top Kali Linux tools and how to use them
Learning to use Kali Linux is a journey, the first step of which is discovering which of the hundreds of cybersecurity tools included are most relevant to the task at hand.
Reality check: CISO compensation packages run the gamut
A capable security executive is invaluable -- a fact organizations increasingly recognize. CISOs' salaries are generally trending up, but the range in compensation is wide.
How Wireshark OUI lookup boosts network security
Learn why using Wireshark OUI lookup for tracking devices by their network interface's organizationally unique identifier is such an important tool for security pros.
Secure development focus at KubeCon + CloudNativeCon 2022
The pressure is on. It's time for better security that can keep up with modern software developers. That was the message at this year's KubeCon + CloudNativeCon.
How to perform a cybersecurity risk assessment in 5 steps
This five-step framework for performing a cybersecurity risk assessment will help your organization prevent and reduce costly security incidents and avoid compliance issues.
Multichannel communications need more than email security
To remain protected against social engineering attacks in all communication channels, enterprises need new security strategies that extend beyond email to new collaboration tools.
Types of vulnerability scanning and when to use each
Vulnerability scanning gives companies a key weapon when looking for security weaknesses. Discovery, assessment and threat prioritization are just a few of its benefits.
3 best professional certifications for CISOs and aspiring CISOs
While one doesn't necessarily need professional cybersecurity certifications to become a CISO, they don't hurt. Explore the best certifications for CISOs and aspiring CISOs.
Ideal CISO reporting structure is to high-level business leaders
CISOs usually report to a high-level executive, but reporting to a top-level business executive like the CEO rather than a technology executive protects the business best.
It's time to rethink security certification for OT devices
Security certifications don't protect OT devices from vulnerable processes and insecure-by-design practices. It's time to update security certs for the connected OT age.
Enterprise ransomware preparedness improving but still lacking
An Enterprise Strategy Group survey found enterprises are making strides in ransomware preparedness, but work remains to prevent and mitigate attacks.
How Sheltered Harbor helps banks navigate cyber-recovery
Banks must be able to recover quickly from a cyber attack -- a difficult task, given the volume and sophistication of attacks. The not-for-profit Sheltered Harbor aims to help.
Why it's time to expire mandatory password expiration policies
Password expiration policies that force users to regularly reset passwords are counterproductive. It's time to align those policies with proven approaches to password security.
Top security-by-design frameworks
Following a security-by-design framework, or designing one specific to your company, is key to implanting security into every step of the software development lifecycle.
The top 5 ethical hacker tools to learn
Ethical hackers have a wealth of tools at their disposal that search for vulnerabilities in systems. Learn about five such tools that should be part of any hacker's tool set.
What is the zero-trust security model?
The zero-trust security model is a cybersecurity approach that denies access to an enterprise's digital resources by default and grants authenticated users and devices tailored, siloed access to only the applications, data, services and systems they...
Compare vulnerability assessment vs. vulnerability management
Vulnerability assessments and vulnerability management are different but similar-sounding security terms. Discover their similarities and differences.
The role of transparency in digital trust
To retain digital trust, organizations must be transparent in the aftermath of cybersecurity attacks and data breaches. Learn more about the roles of transparency in trust.
Why Kali Linux is the go-to distribution for penetration testing
Discover why penetration testers prefer to use the Kali Linux distribution for offensive security, from collecting useful tools together to being usable from multiple devices.
Perimeter security vs. zero trust: It's time to make the move
Perimeter security requires a border to protect enterprise data. With more and more users working outside that border, zero trust promises a better security option for the future.
Top zero-trust certifications and training courses
Most organizations are expected to implement zero trust in the next few years. Learn about zero-trust certifications and trainings that can help prepare your security team.
Top zero-trust use cases in the enterprise
Still hesitating to adopt zero trust? Learn about the main zero-trust use cases, as well as its benefits, myths and trends that are beginning to emerge.
Top 6 benefits of zero-trust security for businesses
The zero-trust security model demands infosec leaders take a holistic approach to IT infrastructure security. Learn about the top six business benefits of zero trust here.
Multifactor authentication isn't perfect, passwordless is better
Passwords are frequently the root cause of breaches, and multifactor authentication only provides a stopgap for account protection. It's time to adopt a passwordless strategy.
Compare zero trust vs. the principle of least privilege
Zero trust and the principle of least privilege may appear to solve the same issue, but they have their differences. Read up on the two methodologies.
10 PCI DSS best practices to weigh as new standard rolls out
PCI's Security Standards Council revamped the requirements governing how organizations store payment card information. Companies need to act fast to ensure they are in compliance.
Does AI-powered malware exist in the wild? Not yet
AI sending out malware attacks may invoke images of movielike, futuristic technology, but it may not be too far from reality. Read up on the future of AI-powered malware.
10 security-by-design principles to include in the SDLC
Security is rarely a priority in the SDLC, but it should be. Adhere to these security-by-design principles for secure software and learn the importance of threat modeling.